GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    mjw (mjw@mastodon.nl)'s status on Saturday, 09-Nov-2024 19:26:25 JST mjw mjw

    There is this 5 year old CVE against bzip2 which turned out to be bogus. The long story: https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/

    But probably because NVD gave this a 9.8 critical score (!) some enterprise distros are "fixing" this CVE now by "backporting" a broken fix to bzip2 1.0.6 instead of upgrading to a release with a proper fix (bzip2 1.0.8)...

    https://gitlab.com/redhat/centos-stream/rpms/bzip2/-/commit/f9ed8e44ad56a1dd655d33dff7ad2344c71e91cf

    So now at least rhel-8, alma-8 and ol8 are shipping with a broken bzip2. Sigh.

    In conversation about 4 months ago from mastodon.nl permalink

    Attachments


    • Haelwenn /элвэн/ :triskell: likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.